#!/bin/bash
# When initializing step-ca with the docker flag DOCKER_STEPCA_INIT_ACME
# a basic ACME provisioner is enabled. This script runs commands to modify the
# default configuration.
# Enable forceCN if not set.
# This is needed because certbot does not include a
# Subject CN field in the CSR:
# https://github.com/certbot/certbot/issues/9633#issuecomment-1484988078
# ... and the Mosquitto MQTT server uses the Subject CN in ACL filters.
#
# Ideally Mosquitto would learn to look at the SAN field instead:
# https://github.com/eclipse-mosquitto/mosquitto/issues/2511
# Turn on forceCN for the "acme" provisioner only while the key is absent from
# its configuration: `jq -r` prints the literal string "null" for a missing (or
# null) .forceCN, so an explicit true/false already set by an operator is left
# untouched.
#
# If `step` or `jq` fails, or no provisioner is named "acme", the substitution
# yields an empty string, no pattern matches, and the update is skipped without
# any diagnostic -- check the provisioner afterwards if Mosquitto ACLs depend
# on the CN being present.
#
# NOTE(review): with forceCN the CA fills in the Subject CN from the request's
# names rather than from a CN the client supplied, so the Mosquitto ACL
# identity is whatever name ACME validated -- confirm that matches the intended
# ACL model.
case "$(step ca provisioner list | jq -r '.[] | select (.name == "acme") | .forceCN')" in
  null)
    # The admin password is handed over as a file path rather than as a value,
    # which keeps the secret out of the process argument list.
    # NOTE(review): presumably the file is readable only by the step-ca user -- verify.
    step ca provisioner update acme \
      --force-cn \
      --admin-subject=step \
      --admin-provisioner=admin \
      --admin-password-file=/opt/step-ca/init/secrets/provisioner-password
    ;;
esac